[tor-commits] [tor/master] Do not leave empty, invalid chunks in buffers during buf_pullup

nickm at torproject.org nickm at torproject.org
Mon Mar 9 15:10:12 UTC 2015


commit 71ee53fe9bdf3f64eef9b38de55960185e8be1b5
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Mar 3 22:20:17 2015 +0100

    Do not leave empty, invalid chunks in buffers during buf_pullup
    
    This fixes an assertion failure bug in 15083; bugfix on 0.2.0.10-alpha.
    
    Patch from 'cypherpunks'
---
 changes/bug15083 |    6 ++++++
 src/or/buffers.c |    2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/changes/bug15083 b/changes/bug15083
new file mode 100644
index 0000000..98d1d0e
--- /dev/null
+++ b/changes/bug15083
@@ -0,0 +1,6 @@
+  o Major bugfixes (relay, stability):
+    - Fix a bug that could lead to a relay crashing with an assertion
+      failure if a buffer of exactly the wrong layout was passed
+      to buf_pullup() at exactly the wrong time. Fixes bug 15083;
+      bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'.
+   
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 9be0476..7976432 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -426,7 +426,7 @@ buf_pullup(buf_t *buf, size_t bytes, int nulterminate)
     size_t n = bytes - dest->datalen;
     src = dest->next;
     tor_assert(src);
-    if (n > src->datalen) {
+    if (n >= src->datalen) {
       memcpy(CHUNK_WRITE_PTR(dest), src->data, src->datalen);
       dest->datalen += src->datalen;
       dest->next = src->next;





More information about the tor-commits mailing list